Lucene search
K

7 matches found

NVD
NVD
added 2020/02/08 7:15 p.m.22 views

CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

9.8CVSS9.3AI score0.02704EPSS
Exploits0References7
CVE
CVE
added 2020/02/08 6:2 p.m.223 views

CVE-2015-5741

CVE-2015-5741 : The Go net/http implementation (net/http/transfer.go) before 1.4.3 fails to correctly parse HTTP headers, enabling remote attackers to perform HTTP request smuggling via requests containing both Content-Length and Transfer-Encoding. This is documented across multiple sources in th...

9.8CVSS9AI score0.02704EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2020/02/08 6:2 p.m.29 views

CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

9.2AI score0.02704EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2016/07/28 12:0 a.m.29 views

openSUSE Security Update : go (openSUSE-2016-907)

This update for go fixes the following issues : - CVE-2015-5739: 'Content Length' treated as valid header - CVE-2015-5740: Double content-length headers does not return 400 error - CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections Go was...

9.8CVSS6.8AI score0.09625EPSS
Exploits0References4
Cloud Foundry
Cloud Foundry
added 2015/10/07 12:0 a.m.51 views

Golang 1.4.3 CVE Fixes | Cloud Foundry

Golang 1.4.3 CVE Fixes Low Vendor Google Versions Affected Golang v1.4.2 and lower Description Several security issues were fixed in Go’s net / http package. The CVE issue descriptions and fixes are linked below: CVE-2015-5739 – ‘Content Length’ treated as valid header:...

9.8CVSS9.1AI score0.09625EPSS
Exploits0
Amazon
Amazon
added 2015/08/24 12:0 a.m.41 views

Medium: golang, docker

Issue Overview: As discussed upstream -- http://seclists.org/oss-sec/2015/q3/294 and http://seclists.org/oss-sec/2015/q3/237 -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers like "Content Length...

9.8CVSS9.6AI score0.09625EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.39 views

Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)

security fixes for net/http smuggling Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

9.8CVSS7.2AI score0.09625EPSS
Exploits0References5
Rows per page
Query Builder